Spotify Free Users Beware: Infected Ads Serve Malware, May Hold Your Computer Hostage
Why is a well-known exploit kit that hit the headlines back in 2010 still just as deadly as we head into 2017? Spotify users were the latest victims of the Blackhole Exploit Kit. The ads that help pay for the free version of Spotify are delivered by third-party ad servers, as are the majority of online ads these days. One of the ads took users to a malware infection website where the exploit kit was activated to contaminate users’ Windows computers.
Exploit kits are software toolkits designed to be installed on web servers. They use scripts to detect vulnerabilities in the software installed on the computer of anyone who visits a site served by the malicious web server. Users do not even have to click on the infected ad – it is enough for the ad’s code to be downloaded to the user’s browser. Typically, exploit kits are classified as criminalware and are mostly targeted at Windows users and platforms. The objective is to download malware, potentially a whole range of agents from keyloggers to online banking Trojans. The best defense against this type of attack is simply to keep your anti-malware software up to date.
Assuming that the bulk of tech-savvy online users do just that, there is a very obvious reason why the criminals behind the Spotify attack invested time and (presumably) money in setting up the malicious ad. A substantial number of users don’t understand how hostile the online world is and are blissfully unaware of the critical need for security software on their devices. That is why what should be a relatively obscure exploit kit from seven years ago is still worth persisting with today.
So how exactly do these exploit kits work?
First of all, it’s important to realize that the majority of malware sites are regular sites that have been hacked and infected. That makes it impossible for you or anybody else to know you are on a “bad” site without the aid of a security tool that raises an instant alert. Exploit kits very quickly test a user’s complete environment. That includes the OS, browser, installed applications, security settings and systems. It takes less than a second for the complete operation of discovering a vulnerability and downloading the payload of malware. This article explains the infection process very well.
There are many exploit kits available to purchase. Perhaps the most worrying category is the zero-day kits. Whilst browser and application vendors are constantly watching and testing for potential vulnerabilities, there is an inevitable delay between warning users about the risk and having those users apply the required patch. Zero-day exploits become available immediately, hence the zero tag in the name. They can be deployed by hackers long before a segment of the user community gets around to patching the vulnerability.
If you want to delve deeper into the technology and ever-evolving incarnations of exploit kits, visit malware-traffic-analysis, where Brad maintains a blog that records new discoveries on an almost daily basis. The blog at commercial protection vendor Malwarebytes provides a less techie and more high-level discussion of current exploits, trends and observations.